summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog832
1 files changed, 832 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 000000000..50412cf8b
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,832 @@
+strongswan (5.0.2-1) UNRELEASED; urgency=low
+
+ * New upstream release.
+ * debian/patches:
+ - 01_fix-manpages refreshed.
+ - 02_add-LICENSE dropped, included upstream.
+ - 03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali removed,
+ included upstream.
+ - 04-Fixed-IPv6-source-address-lookup dropped, included upstream.
+ * debian/rules:
+ - --enable-smartcard, --with-default-pkcs11 and --enable-nat-transport not
+ valid anymore for ./configure, remove them.
+ - add --enable-xauth-eap and --enable-xauth-pam.
+ - remove pluto handling since it's gone
+ - don't special-case XAuth on kFreeBSD anymore.
+ * debian/control:
+ - drop strongswan-ikev1 package
+ - rename strongswan-ikev2 package to strongswan-ike for now and makes it
+ replace strongswan-ikev1 and strongswan-ikev2.
+ - rephrase long description to remove references to pluto.
+ - provide transition -ikev{1,2} packages for upgrades.
+ * debian/strongswan-ikev1.install removed.
+ * debian/strongswan-ikev2.* renamed to strongswan-ike.
+ * debian/strongswan-nm.install:
+ - NetworkManager plugin is now a separate executable.
+ * debian/libstrongswan.install:
+ - install new pkcs7, xauth-eap, xauth-generic, xauth-pam and nonce plugins.
+ * debian/strongswan.docs: CREDITS file is gone.
+ * debian/ipsec.secrets.proto: remove reference to pluto.
+ * debian/strongswan-starter.* remove references to pluto.
+ * debian/po: update potfiles for new phrasing.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Thu, 07 Feb 2013 13:27:53 +0100
+
+strongswan (4.6.4-6) unstable; urgency=low
+
+ * debian/rules:
+ - revert dropping privileges, it breaks too many setups for now and it's
+ not possible to disable it. reopens #529854 and closes: #680722
+ * debian/control:
+ - add Breaks/Replaces strongswan-ikev2 on libstrongswan because of moved
+ plugins. closes: #681312
+
+ -- Yves-Alexis Perez <corsac@debian.org> Sat, 01 Dec 2012 14:24:49 +0100
+
+strongswan (4.6.4-5) unstable; urgency=low
+
+ [ Yves-Alexis Perez ]
+ * debian/control:
+ - and finally make libcap-dev linux-any too...
+ - make -ikev1 linux-any since pluto can't be build on FreeBSD.
+ * debian/rules:
+ - stop installing logcheck rules manually. closes: #679745
+ - handle non kFreeBSD more carefully closes: #640928
+ + don't enable NM and Linux capabilities drop;
+ + disable pluto (and xauth plugin);
+ + don't enable farp and dhcp, enable kernel-pf{key,route} plugins
+ * Handle logcheck files from dh_installlogcheck and thus name them correctly
+ so they are not installed in the wrong package. closes: #679745
+ * debian/po
+ - add turkish translation, thanks Atila KOÇ. closes: #659879
+ * debian/patches:
+ - 04-Fixed-IPv6-source-address-lookup added, backported from upstream.
+ Fix IPv6 tunnels, broken because of bad handling of source routing.
+
+ [ Laurent Bigonville ]
+ * Do not use multi-arch paths, this makes no sense as only one instance of
+ the daemon can be run and all libraries are private.
+ * d/p/03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali.patch: NM now
+ requires a tundev, pass the loopback interface to make it happy
+ (thanks to Martin Willi)
+ * debian/control: Fix Vcs-Browser URL
+
+ -- Yves-Alexis Perez <corsac@debian.org> Sat, 07 Jul 2012 14:21:03 +0200
+
+strongswan (4.6.4-4) unstable; urgency=low
+
+ * debian/control:
+ - libnm-glib-vpn-dev also is linux-any, fix build-deps.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 18:54:00 +0200
+
+strongswan (4.6.4-3) unstable; urgency=low
+
+ * debian/strongswan-starter.postrm
+ - remove strongswan user on purge.
+ * debian/rules:
+ - enable gcrypt plugin. closes: #600326
+ * debian/libstrongswan.install:
+ - ship gcrypt plugin.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 17:08:08 +0200
+
+strongswan (4.6.4-2) unstable; urgency=low
+
+ * Upload to unstable.
+ * debian/rules:
+ - use the strongswan user. closes: #529854
+ * debian/control:
+ - fix libnm-glib-vpn-dev build-dep, it's linux-any.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 15:37:58 +0200
+
+strongswan (4.6.4-1) experimental; urgency=low
+
+ * New upstream release. closes: #664190
+ - stop including individual glib headers. closes: #665612
+ * debian/patches:
+ - drop all patches, they're all included upstream now.
+ * debian/*.install:
+ - drop destination path
+ - libs are in ipsec folder now
+ - add libradius, libtls, libtnccs and libsimaka to libstrongswan.
+ - add tnc-tnccs, pkcs8 and cmac plugins to libstrongswan.
+ - use multiarch paths
+ - move ldap, curl, kernel-netlink and attr* plugins to libstrongswan,
+ since they are used by pluto too. closes: #611846
+ * debian/control:
+ - add myself to uploaders, in hope that some others will join.
+ - update standards version to 3.9.3.
+ - add depend on adduser to strongswan-starter for use in maintainer
+ scripts.
+ - update debhelper build-dep to 9 and add dpkg-dev 1.16.2 build-dep for
+ hardening support.
+ - make strongswan-nm linux-any and adjust network-manager-dev build-dep to
+ only happen on linux arches. closes: #640928
+ * debian/compat bumped to 9.
+ * debian/rules:
+ - enable hardening flags with PIE and bindnow.
+ - use multiarch paths.
+ - inconditionnally enable network-manager.
+ - switch to dh.
+ - ignore plugins in dh_makeshlibs.
+ - don't generate maintainer scripts snippets for init scripts, it's
+ already handled (atlhough we might want to change that later)
+ - stop bypassing dh_installdocs.
+ - disable DES and Blowfish plugin as they are under a 4 clauses BSD-like
+ license.
+ * debian/libstrongswan.lintian-overrides,
+ debian/libstrongswan-ikev2.lintian-overrides:
+ - override warning for hardening flags, we do use them.
+ * debian/patches:
+ - 01_fix-manpages added, fix space in NAME section.
+ - 02_add-LICENSE added, add the license file from upstream not yet present
+ in tarball.
+ * debian/copyright completely rewritten.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Fri, 29 Jun 2012 21:24:37 +0200
+
+strongswan (4.5.2-1.5) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix "package must not include /var/lock/subsys":
+ don't ship /var/lock/subsys but create it in the init script.
+ (Closes: #667764)
+
+ -- gregor herrmann <gregoa@debian.org> Fri, 15 Jun 2012 16:21:27 +0200
+
+strongswan (4.5.2-1.4) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * debian/patches:
+ - 0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i added,
+ backported from upstream. Fix CVE-2012-2388 (when using gmp plugin,
+ zero length RSA signatures are considered valid).
+ - 0001-Added-support-for-the-resolvconf-framework-in-resolv added,
+ correctly handle resolvconf-managed /etc/resolv.conf. closes: #664873
+
+ -- Yves-Alexis Perez <corsac@debian.org> Thu, 24 May 2012 17:55:51 +0200
+
+strongswan (4.5.2-1.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix pending l10n issues. Debconf translations:
+ - Dutch; (Jeroen Schot). Closes: #631502
+ - Norwegian Bokmål, (Bjørn Steensrud). Closes: #654411
+ - Polish (Michał Kułach). Closes: #658125
+
+ -- Christian Perrier <bubulle@debian.org> Wed, 08 Feb 2012 07:22:07 +0100
+
+strongswan (4.5.2-1.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Drop libopensc2-dev from Build-Depends; that library is now private to
+ opensc and is not required at build time as it's loaded by dlopen() anyway.
+ (Closes: #635890)
+
+ -- Laurent Bigonville <bigon@debian.org> Thu, 08 Sep 2011 16:50:11 +0200
+
+strongswan (4.5.2-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * debian/strongswan-starter.ipsec.init: Init script should depends on
+ remote_fs instead of local_fs, also provide ipsec instead of vpn as
+ the other ipsec implementations (Closes: #629675)
+ * debian/patches/0001-fix-fprintf-format.patch: Fix FTBFS with gcc 4.6,
+ taken from upstream (Closes: #614486)
+ * debian/control: Tighten dependency version against libstrongswan
+ (Closes: #626170)
+ * debian/strongswan-starter.lintian-overrides, debian/rules:
+ Correctly set restricted permissions on /etc/ipsec.d/private/
+ and /var/lib/strongswan (Closes: #598827)
+
+ -- Laurent Bigonville <bigon@debian.org> Mon, 04 Jul 2011 10:58:59 +0200
+
+strongswan (4.5.2-1) unstable; urgency=low
+
+ * New upstream version 4.5.2. This removes a lot of old manpages that were
+ not properly updated since freeswan.
+ Closes: #616482: strongswan-ikev1: virtual ips not released if xauth name
+ does not match id
+ Closes: #626169: strongswan: ipsec tunnels fail because charon segfaults
+ Closes: #625228: strongswan-starter: left-/rightnexthop options are broken
+ Closes: #614105: strongswan-ikev2: charon continually respawns
+ * Fix typo in debian/rules that precluded --enable-nm from being passed to
+ configure (LP: #771778).
+ Closes: #627775: strongswan-nm package is missing nm module
+ * Make sure to install all newly added plugins (and generally files created
+ by make install) by calling dh_install with --fail-missing. Install some
+ newly enabled crypto plugins in the libstrongswan package.
+ Closes: #627783: Please disable modules that are not installed in package
+ at build time
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 May 2011 13:42:21 +0200
+
+strongswan (4.5.1-1) unstable; urgency=low
+
+ * New upstream version
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sat, 05 Mar 2011 09:27:49 +0100
+
+strongswan (4.5.0-1) unstable; urgency=low
+
+ * New upstream version 4.5.0
+ * Enabled new configure options for additional libstrongswan plugins:
+ --enable-ctr --enable-ccm --enable-gcm --enable-addrblock --enable-led
+ --enable-pkcs11 --enable-eap-tls --enable-eap-ttls --enable-eap-tnc
+ * Enable NAT-Traversal with transport mode support so that strongswan
+ can be used for an L2TP/IPsec gateway (e.g. for Windows or mobile phone
+ clients).
+ * Special handling for strongswan-nm package during build time: only build
+ and install if headers are really available. This supports easier
+ backporting by simply ignoring build-deps and therefore to build all
+ packages except the strongswan-nm without any changes to the source
+ package.
+ * Install test-vectors and revocation plugins for libstrongswan.
+ Closes: #600996: strongswan-starter: plugin 'revocation' failed to load
+ * Acknowledge translations NMU.
+ Closes: #598925: Intent to NMU or help for an l10n upload of strongswan
+ to fix pending po-debconf l10n bugs
+ Closes: #598925 #599888 #600354 #600409 #602449 #603723 #603779
+ * Update Brazilian Portugese debconf translation.
+ Closes: #607404: strongswan: [INTL:pt_BR] Brazilian Portuguese debconf
+ templates translation
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:09:42 +0100
+
+strongswan (4.4.1-5.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ - Fix pending l10n issues. Debconf translations:
+ - Vietnamese (Clytie Siddall). Closes: #598925
+ - Japanese (Hideki Yamane). Closes: #599888
+ - Czech (Miroslav Kure). Closes: #600354
+ - Spanish (Francisco Javier Cuadrado). Closes: #600409
+ - Danish (Joe Hansen). Closes: #602449
+ - Basque (Iñaki Larrañaga Murgoitio). Closes: #603723
+ - Italian (Vincenzo Campanella). Closes: #603779
+
+ -- Christian Perrier <bubulle@debian.org> Wed, 17 Nov 2010 20:21:21 +0100
+
+strongswan (4.4.1-5) unstable; urgency=medium
+
+ * Fixed init script for restart to work when either pluto or charon
+ are not installed.
+ Closes: #598074: init script doesn't re-start the service on restart
+ * Enable built-in crypto test vectors.
+ Closes: #598136: strongswan: Please enable --enable-test-vectors
+ configure option
+ * Install libchecksum.so into correct directory (/usr/lib/ipsec instead of
+ /usr/lib). It still doesn't fix #598138 because of the size mismatch.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 26 Sep 2010 13:48:00 +0200
+
+strongswan (4.4.1-4) unstable; urgency=medium
+
+ * dh_clean should not be called by the install target. This caused the
+ arch: all package strongswan to be built but not included in the changes
+ file.
+ Closes: #593768: strongswan: 4.4.1 unavailable in testing notwhistanding
+ a freeze-exception request
+ * Rewrote parts of the init.d script to make stop/restart more robust
+ when pluto or charon fail.
+ * Closes: #595885: strongswan: FTBFS in squeeze: No package 'libnm_glib_vpn'
+ found
+ This bug was actually closed in 4.4.0 with changed dependencies.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 Sep 2010 13:08:36 +0200
+
+strongswan (4.4.1-3) unstable; urgency=low
+
+ * Change make clean to make distclean to make package building
+ idempotent.
+ Really closes: Bug#593313: strongswan: FTBFS because clean rule fails
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Aug 2010 21:39:03 +0200
+
+strongswan (4.4.1-2) unstable; urgency=low
+
+ * Recompiled with dpkg-buildpackage instead of svn-buildpackage to
+ make the clean target work. I am still looking for the root cause of
+ this quilt 3.0 format and svn-buildpackage incompatibility.
+ Closes: Bug#593313: strongswan: FTBFS because clean rule fails
+ * Removed the --enable-socket-* configure options again. Having multiple
+ socket variants for charon would force to explicitly enable one (in case
+ of pluto co-existance the socket-raw) in strongswan.conf. Disabling the
+ other variants for now at build-time relieves us from changing the
+ default config file and might be more future-proof concerning future
+ upstream changes to configure options.
+ Really closes: #587583
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sat, 21 Aug 2010 23:28:47 +0200
+
+strongswan (4.4.1-1) unstable; urgency=low
+
+ * New upstream release.
+ Closes: #587583: strongswan 4.4.0-2 does not work here: charon seems not
+ to ignore all incoming requests/answers
+ Closes: #506320: strongswan: include directives error and ikev2
+ * Fix typo in debconf templates.
+ Closes: #587564: strongswan: Minor typos in Debconf template
+ * Updated debconf translations.
+ Closes: #587562: strongswan: [INTL:de] updated German debconf translation
+ Closes: #580954: [INTL:es] Spanish debconf template translation for
+ strongswan
+
+ -- Rene Mayrhofer <rmayr@debian.org> Mon, 09 Aug 2010 11:37:25 +0200
+
+strongswan (4.4.0-3) unstable; urgency=low
+
+ * Updated debconf translations.
+ Closes: #587562: strongswan: [INTL:de] updated German debconf translation
+
+ -- Rene Mayrhofer <rmayr@debian.org> Wed, 30 Jun 2010 09:50:31 +0200
+
+strongswan (4.4.0-2) unstable; urgency=low
+
+ * Force enable-socket-raw configure option and enable list-missing option
+ for dh_install to make sure that all required plugins get built and
+ installed.
+ Closes: #587282: plugins missing
+ * Updated debconf translations.
+ Closes: #587052: strongswan: [INTL:fr] French debconf templates
+ translation update
+ Closes: #587159: strongswan: [INTL:ru] Russian debconf templates
+ translation update
+ Closes: #587255: strongswan: [INTL:pt] Updated Portuguese
+ translation for debconf messages
+ Closes: #587241: [INTL:sv] po-debconf file for strongswan
+ * Disabled cisco-quirks configure option, as it causes pluto to emit a
+ bogus Cicso vendor ID attribute. Some Cicso VPN clients might not work
+ without this, but it is less confusing for standards-compliant remote
+ gateways.
+ * Removed leftover attribute plugin source caused by incomplete svn-upgrade
+ call.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 24 Jun 2010 22:32:18 +0200
+
+strongswan (4.4.0-1) unstable; urgency=HIGH
+
+ * New upstream release, now with a high-availability plugin.
+ * Added patch to fix snprintf bug.
+ * Enable building of ha, dhcp, and farp plugins.
+ * Enable capability dropping (now depends on libcap). Switching
+ user to new system user strongswan (with nogroup) after startup
+ is still disabled until the iptables updown script can be made
+ to work.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Tue, 25 May 2010 21:03:52 +0200
+
+strongswan (4.3.6-1) unstable; urgency=low
+
+ * UNRELEASED
+
+ * New upstream release, now build-depends on gperf.
+ Closes: #577855: New upstream release 4.3.6
+ Closes: #569553: strongswan: Certificates CNs containing email address
+ OIDs are not correctly parsed
+ Closes: #557635: strongswan charon does not rekey forever
+ Closes: #569299: Please update configure check to use new nm-glib
+ pkgconfig file name
+ * Switch to dpkg-source 3.0 (quilt) format
+ * Synchronize debconf handling with current openswan 2.6.25 package to keep
+ X509 certificate handling etc. similar. Thanks to Harald Jenny for
+ implementing these changes in openswan, which I just converted to
+ strongswan.
+ * Now also build a strongswan-dbg package to ship debugging symbols.
+ * Include attr plugin in strongswan-ikev2 package. Thanks to Christoph Lukas
+ for pointing out that this was missing.
+ Closes: #569550: strongswan: Please include attr plugin
+
+ -- Rene Mayrhofer <rmayr@debian.org> Tue, 23 Feb 2010 10:39:21 +0000
+
+strongswan (4.3.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * This release supports integrity checking of libraries, which is
+ now enabled at build-time and can be enabled at run-time using
+ libstrongswan {
+ integrity_test = yes
+ }
+ in /etc/strongswan.conf.
+ * Don't disable internal crypto libraries for pluto. They might be
+ required when working with older ipsec.conf files.
+ * charon now supports "include" directives in ipsec.secrets for
+ compatibility with how the maintainer script includes RSA private keys.
+ * Patched starter to also look at routing table "default" when table
+ "main" doesn't have a default entry. This makes dealing with
+ "%defaulroute" in ipsec.conf more flexible.
+ Update: It seems Astaro was quicker then me sending a patch with
+ exactly that aim to upstream. Now applied this one, which will be
+ part of future upstream releases and uses netlink to read routing
+ tables.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Wed, 21 Oct 2009 11:14:56 +0000
+
+strongswan (4.3.2-1) unstable; urgency=HIGH
+
+ Urgency high because of security issue and FTBFS.
+ * New upstream release, fixes security bug.
+ * Fix padlock handling for i386 in debian/rules.
+ Closes: #525652 (FTBFS on i386)
+ * Acknowledge NMUs by security team.
+ Closes: #533837, #531612
+ * Add "Conflicts: strongswan (< 4.2.12-1)" to libstrongswan,
+ strongswan-starter, strongswan-ikev1, and strongswan-ikev2 to force
+ update of the strongswan package on installation and avoid conflicts
+ caused by package restructuring.
+ Closes: #526037: strongswan-ikev2 and strongswan: error when trying to
+ install together
+ Closes: #526486: strongswan and libstrongswan: error when trying to
+ install together
+ Closes: #526487: strongswan-ikev1 and strongswan: error when trying to
+ install together
+ Closes: #526488: strongswan-starter and strongswan: error when trying to
+ install together
+ * Debconf templates and debian/control reviewed by the debian-l10n-
+ english team as part of the Smith review project. Closes: #528073
+ * Debconf translation updates:
+ Closes: #525234: [INTL:ja] Update po-debconf template translation (ja.po)
+ Closes: #528323: [INTL:sv] po-debconf file for strongswan
+ Closes: #528370: [INTL:vi] Vietnamese debconf templates translation update
+ Closes: #529027: [INTL:pt] Updated Portuguese translation for debconf messages
+ Closes: #529071: [INTL:fr] French debconf templates translation update
+ Closes: #529592: nb translation of debconf PO for strongSWAN
+ Closes: #529638: [INTL:ru] Russian debconf templates translation
+ Closes: #529661: Updated Czech translation of strongswan debconf messages
+ Closes: #529742: [INTL:eu] strongswan debconf basque translation
+ Closes: #530273: [INTL:fi] Finnish translation of the debconf templates
+ Closes: #529063: [INTL:gl] strongswan 4.2.14-2 debconf translation update
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sat, 18 Apr 2009 20:28:51 +0200
+
+strongswan (4.2.14-1.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix build on i386
+ Closes: #525652: FTBFS on i386:
+ libstrongswan-padlock.so*': No such file or directory
+ * Fix Two Denial of Service Vulnerabilities
+ Closes: #533837: strongSwan Two Denial of Service Vulnerabilities
+
+ -- Ruben Puettmann <ruben@puettmann.net> Sun, 21 Jun 2009 17:50:02 +0200
+
+strongswan (4.2.14-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix two possible null pointer dereferences leading to denial
+ of service via crafted IKE_SA_INIT, CREATE_CHILD_SA or
+ IKE_AUTH request (CVE-2009-1957; CVE-2009-1958; Closes: #531612).
+
+ -- Nico Golde <nion@debian.org> Mon, 15 Jun 2009 13:06:05 +0200
+
+strongswan (4.2.14-1) unstable; urgency=low
+
+ * New upstream release, which incorporates the fix. Removed dpatch for it.
+ Closes: #521950: CVE-2009-0790: DoS
+ * New support for EAP RADIUS authentication, enabled for this package.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Wed, 01 Apr 2009 22:17:52 +0200
+
+strongswan (4.2.13-2) unstable; urgency=low
+
+ * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the
+ security team for providing the patch.
+ Closes: #521950: CVE-2009-0790: DoS
+ Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
+ to a denial of service attack via a malicious packet.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Tue, 31 Mar 2009 12:00:51 +0200
+
+strongswan (4.2.13-1) unstable; urgency=low
+
+ * New upstream release. This is now compatible with network-manager 0.7
+ in Debian, so start building the strongswan-side support. The actual
+ plugin will need to be another source package.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Mar 2009 10:59:31 +0100
+
+strongswan (4.2.12-1) unstable; urgency=low
+
+ * New upstream release. Starting with this version, the strongswan
+ packages is modularized and includes support for plugins like the
+ NetworkManager plugin. Many details were adopted from Martin Willi's
+ packages.
+ * Dropping support for raw RSA public/private keypairs, as charon does
+ not support it.
+ * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 01 Mar 2009 10:46:08 +0000
+
+strongswan (4.2.9-1) unstable; urgency=low
+
+ * New upstream release, fixes a MOBIKE issue.
+ Closes: #507542: strongswan: endless loop
+ * Explicitly enable compilation with libcurl for CRL fetching
+ Closes: #497756: strongswan: not compiled with curl support; crl
+ fetching not available
+ * Enable compilation with SSH agent support.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Fri, 05 Dec 2008 17:21:42 +0100
+
+strongswan (4.2.4-5) unstable; urgency=high
+
+ Reason for urgency high: this is potentially security relevant.
+ * Patch backported from 4.2.7 to fix a potential DoS issue.
+ Thanks to Thomas Kallenberg for the patch.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Mon, 29 Sep 2008 10:35:30 +0200
+
+strongswan (4.2.4-4) unstable; urgency=low
+
+ * Tweaked configure options for lenny to remove somewhat experimental,
+ incomplete, or unnecessary features. Removed --enable-xml,
+ --enable-padlock, and --enable-manager and added --disable-aes,
+ --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5,
+ --disable-sha1, and --disable-sha2 because openssl already
+ contains this code, we depend on it and thus don't need it twice.
+ Padlock support does not do much, because the bulk encryption uses
+ it anyway (being done internally in the kernel) and using padlock
+ for IKEv2 key agreement adds complexity for little gain.
+ Thanks to Thomas Kallenberg of strongswan upstream team for
+ suggesting these changes. The package is now noticable smaller.
+ * Also remove dbus dependency, which is no longer necessary.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Mon, 01 Sep 2008 08:59:10 +0200
+
+strongswan (4.2.4-3) unstable; urgency=low
+
+ * Changed configure option to build peer-to-peer service again.
+ Closes: #494678: strongswan: configure option --enable-p2p changed to
+ --enable-mediation
+
+ -- Rene Mayrhofer <rmayr@debian.org> Tue, 12 Aug 2008 20:08:26 +0200
+
+strongswan (4.2.4-2) unstable; urgency=medium
+
+ Urgency medium because this fixes an FTFBS bug on non-i386.
+ * Only compile padlock crypto acceleration support for i386. Thanks for
+ the patch!
+ Closes: #492455: strongswan: FTBFS: Uses i386 assembler on non-i386
+ arches.
+ * Updated Swedish debconf translation.
+ Closes: #492902: [INTL:sv] po-debconf file for strongswan
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Aug 2008 13:02:54 +0200
+
+strongswan (4.2.4-1) unstable; urgency=medium
+
+ Urgency medium because this new upstream versions no longer uses
+ dbus and thus fixed the grave bug from the last Debian package. This
+ version should transit to testing.
+ * New upstream release. Starting with version 4.2.0, crypto algorithms have
+ beeen modularized with existing code ported over. Among other improvments,
+ this version now supports AES-CCM (e.g. with esp=aes128ccm12) and AES-GCM
+ (e.g. with esp=aes256gcm16) starting with kernel 2.6.25 and enables dead
+ peer detection by default.
+ Note that charon (IKEv2) now uses the new /etc/strongswan.conf.
+ * Enabled building of VIA Padlock and openssl crypto plugins.
+ * Drop patch to rename AES_cbc_encrypt so as not to conflict with an
+ openssl method of the same name. This has been applied upstream.
+ * This new upstream version no longer uses dbus.
+ Closes: #475098: charon needs dbus but strongswan does not depend on dbus
+ Closes: #475099: charon does not work any more
+ * This new upstream version no longer prints error messages in its
+ init script.
+ Closes: #465718: strongswan: startup on booting returns error messages
+ * Apply patch to ipsec init script to fix bashism.
+ Closes: #473703: strongswan: bashism in /bin/sh script
+ * Updated Czech debconf translation.
+ Closes: #480928: [l10n] Updated Czech translation of strongswan debconf
+ messages
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 10 Jul 2008 14:40:43 +0200
+
+strongswan (4.1.11-1) unstable; urgency=low
+
+ * New upstream release.
+ * DBUS support now interacts with network-manager, so need to build-depend
+ on network-manager-dev.
+ * The web interface has been improved and now requires libfcgi-dev and
+ clearsilver-dev to compile, so build-depend on them. Also build-depend
+ on libxml2-dev, libdbus-1-dev, libtool, and libsqlite3-dev (which were
+ all build-deps before but were not listed explicitly so far - fix that).
+ * Add patch to rename internal AES_cbc_encrypt function and thus avoid
+ conflict with the openssl function.
+ Closes: #470721: pluto segfaults when using pkcs11 library linked with
+ OpenSSL
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 30 Mar 2008 10:35:16 +0200
+
+strongswan (4.1.10-2) unstable; urgency=low
+
+ * Enable new configure options: dbus, xml, nonblocking, thread, peer-
+ to-peer NAT-traversal and the manager interface support.
+ * Also set the default path to the opensc-pkcs11 engine explicitly.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Fri, 15 Feb 2008 10:25:49 +0100
+
+strongswan (4.1.10-1) unstable; urgency=low
+
+ * New upstream release.
+ Closes: #455711: New upstream version 4.1.9
+ * Updated Japanese debconf translation.
+ Closes: #463321: strongswan: [INTL:ja] Update po-debconf template
+ translation (ja.po)
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 15:15:14 +0100
+
+strongswan (4.1.8-3) unstable; urgency=low
+
+ * Force use of hardening-wrapper when building the package by setting
+ a Build-Dep to it and setting export DEB_BUILD_HARDENING=1 in
+ debian/rules.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 14:14:48 +0100
+
+strongswan (4.1.8-2) unstable; urgency=medium
+
+ * Ship our own init script, since upstream no longer does. This is still
+ installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be
+ backwards compatible.
+ Really closes: #442880: strongswan: postinst failure (missing
+ /etc/init.d/ipsec)
+ * Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not
+ marking them as conffiles isn't the right thing either. Instead, now
+ use the includes feature to pull in config snippets that are
+ modified by debconf. It's not perfect, though, as the IKEv1/IKEv2
+ protocols can't be enabled/disabled with includes. Therefore don't
+ support this option in debconf for the time being, but default to
+ enabled for both IKE versions. The files edited with debconf are kept
+ under /var/lib/strongswan.
+ * Cleanup debian/rules: no longer need to remove leftover files from
+ patching, as currently there are no Debian-specific patches (fortunately).
+ * More cleanup: drop debconf translations hack for woody compatibility,
+ depend on build-stamp instead of build in the install-strongswan target,
+ and remove the now unnecessary dh_clean -k call in install-strongswan so
+ that configure shouldn't run twice during building the package.
+ * Update French debconf translation.
+ Closes: #448327: strongswan: [INTL:fr] French debconf templates
+ translation update
+
+ -- Rene Mayrhofer <rmayr@debian.org> Fri, 02 Nov 2007 21:55:29 +0100
+
+strongswan (4.1.8-1) unstable; urgency=low
+
+ The "I'm back from my long semi-vacation, and strongswan is now bug-free
+ again" release.
+ * New upstream release.
+ Closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec)
+ Closes: #431874: strongswan - FTBFS: cannot create regular file
+ `/etc/ipsec.conf': Permission denied
+ * Explicitly use debhalper compatbility version 5m now using debian/compat
+ instead of DH_COMPAT.
+ * Since there's no configurability in dh_installdeb's mania to flag
+ everything below /etc as a conffile, now hack DEBIAN/conffiles directly
+ to remove ipsec.conf and ipsec.secrets.
+ Closes: #442929: strongswan: Maintainer script modifies conffiles
+ * Add/update debconf translations.
+ Closes: #432189: strongswan: [INTL:de] updated German debconf translation
+ Closes: #432212: [l10n] Updated Czech translation of strongswan debconf
+ messages
+ Closes: #432642: strongswan: [INTL:fr] French debconf templates
+ translation update
+ Closes: #444710: strongswan: [INTL:pt] Updated Portuguese translation for
+ debconf messages
+
+ -- Rene Mayrhofer <rmayr@debian.org> Fri, 26 Oct 2007 16:16:51 +0200
+
+strongswan (4.1.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * Fixed debconf descriptions.
+ Closes: #431157: strongswan: Minor errors in Debconf template
+ * Include Portugese and
+ Closes: #415178: strongswan: [INTL:pt] Portuguese translation for debconf
+ messages
+ Closes: #431154: strongswan: [INTL:de] initial German debconf translation
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 05 Jul 2007 00:53:01 +0100
+
+strongswan (4.1.3-1) unreleased; urgency=low
+
+ * New upstream release.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 03 Jun 2007 18:39:11 +0100
+
+strongswan (4.1.1-1) unreleased; urgency=low
+
+ Major new upstream release:
+ * IKEv2 support with the new "charon" daemon in addition to the old "pluto"
+ which is still used for IKEv1.
+ * Switches to auto* tools build system.
+ * The postinst script is still not quite as complete in updating the 2.8.x
+ config automatically to a new 4.x config, but I don't want to wait any
+ longer with the upload. It can be improved later on.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 12 Apr 2007 21:33:56 +0100
+
+strongswan (2.8.3-1) unstable; urgency=low
+
+ * New upstream release with fixes for the SHA-512-HMAC function and
+ added SHA-384 and SHA-2 implementations.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 22 Feb 2007 20:19:45 +0000
+
+strongswan (2.8.2-1) unstable; urgency=low
+
+ * New upstream release with interoperability fixes for some VPN
+ clients.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Tue, 30 Jan 2007 12:21:20 +0000
+
+strongswan (2.8.1+dfsg-1) unstable; urgency=low
+
+ * New upstream release, now with XAUTH support.
+ * Explicitly enable smartcard and vendorid options as well as a
+ few more in debian/rules.
+ Closes: #407449: strongswan: smartcard support is disabled
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 21:06:25 +0000
+
+strongswan (2.8.1-1) UNRELEASED; urgency=low
+
+ * New upstream release.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 20:59:11 +0000
+
+strongswan (2.8.0+dfsg-1) unstable; urgency=low
+
+ * New upstream release.
+ * Update debconf templates.
+ Closes: #388672: strongswan: [INTL:fr] French debconf templates
+ translation update
+ Closes: #389253: [l10n] Updated Czech translation of strongswan
+ debconf messages
+ Closes: #391457: [INTL:nl] Updated dutch po-debconf translation
+ Closes: #396179: strongswan: [INTL:ja] Updated Japanese po-debconf
+ template translation (ja.po)
+ * Fix broken reference to a now non-existing config file. no_oe.conf
+ has been replaced by oe.conf, with the opposite meaning. Changed
+ postinst to deal with it correctly now, and also try to convert
+ older config file lines to newer (e.g. when updating from openswan
+ to strongswan).
+ Closes: #391565: fails to start : /etc/ipsec.conf:46: include
+ files found no matches
+ [/etc/ipsec.d/examples/no_oe.conf]
+
+ -- Rene Mayrhofer <rmayr@debian.org> Mon, 6 Nov 2006 19:01:58 +0000
+
+strongswan (2.7.3+dfsg-1) unstable; urgency=low
+
+ * New upstream release. Another try on getting it into unstable.
+ Closes: #372267: ITP: strongswan -- second fork of freeswan.
+ * Call debian-updatepo in the clean target, in line with the openswan
+ change for its version 2.4.6+dfsg-1.
+ * Remove man2html, htmldoc, and lynx from the Build-Deps because we no
+ longer rebuild the documentation tree.
+ * Starting shipping a lintian overrides file to finally silence the
+ warnings about non-standard-(file|dir)-perms (they are intentional).
+ * Clean up /usr/lib/ipsec somehow, again owing to lintian warnings.
+ * Add po-debconf to build dependencies.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Wed, 23 Aug 2006 21:23:36 +0100
+
+strongswan (2.7.2+dfsg-1) unstable; urgency=low
+
+ * First upload to the main Debian archive. This does no longer build
+ the linux-patch-strongswan and strongswan-modules-source packages,
+ as KLIPS will be removed from the strongswan upstream source anyway
+ for the next major release. However, the openswan KLIPS could should
+ be interoperable with strongswan user space.
+ Closes: #372267: ITP: strongswan -- second fork of freeswan.
+ * This upload removes the draft RFCs, as they are not considered free under
+ the DFSG.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Sun, 9 Jul 2006 12:40:34 +0100
+
+strongswan (2.7.2-1) unstable; urgency=low
+
+ * New upstream release. This release fixes a potential DoS problem.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Jun 2006 12:34:43 +0100
+
+strongswan (2.7.0-1) unstable; urgency=low
+
+ * Initial Debian packaging of strongswan. This is directly based on my
+ Debian package of openswan 2.4.5-3.
+ * Do not compile and ship fswcert right now, because it is not included
+ in strongswan upstream. If it turns out to be necessary for supporting
+ easy-to-use OE in the future (i.e. for generating the DNS format for the
+ public keys from generated X.509 certificates), I will re-add it to the
+ Debian package.
+ * Also disabled my patches to use /etc/default instead of /etc/sysconfig for
+ now. Something like that will be necessary in the future, but those parts
+ of strongswan differ significanty from openswan.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Mon, 22 May 2006 07:37:00 +0100
+
+Local variables:
+mode: debian-changelog
+End:
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 11:57:14 +0000